I, like many people, will be doing some international travel soon, my first since “the thing”. My destinations include two countries that require mobile applications to be installed so that the governments can, uh, insure my safety and the safety of others.
I am not a security expert but I do listen to the Level1 news and I’m not naive. I was wondering if a more knowledgable person would explain, or hypothesize, what kinds of security flaws could be exploited through these applications. I believe there have been multiple examples of these applications being misused already.
Here are some questions/suggestions to start the discussion…
-
On the client side, I have heard plenty of stories of insecure JavaScript libraries and so on that lead to root access and therefore grant access to anything the attacker might want out of a device. What I do not really know is how useful that would be for a random civilian’s cell phone. I do not even really know how much of my information is permanently stored or accessible on my device; it is made a bit opaque to the user. What is the worst case, and further, what is the more realistically bad case, for client side exploits?
-
These apps also probably involve a lot of phoning home, and the data on those servers is not necessarily secure. Further, the security of every country, and the lucrativeness of attacking each country, are not fully equal. Again, I do not have a strong idea of how much or how valuable this information would be to an attacker. How much personally identifiable data could be transacted in a really bad implementation of these apps, which for many countries are now mandatory to install?
-
I am considering leaving my primary device at home and bringing a burner. But I am not convinced this would even do me good. I mean, StuxNet kind of shows that someone who wants something badly enough can get it done. I’m not as important as nuclear weaponry so I am not concerned with StuxNet, but my question is, how much would a burner even help? There are these gigantic databases with browser fingerprints, StuxNet… Etc. If I used a burner while visiting these nations, uninstalled the tracking apps ASAP then turned my burner on back on my home network WiFi - how bad can that be in the worst/realistic cases (how much is really deleted when you uninstall a phone app?)?
Anyway I am obviously not an expert, but thought maybe some experts would have interesting discussions and comments on the subject!